Adobe Download Manager 'gp.ocx' ActiveX Control Buffer Overflow Vulnerability
BID:39615
Info
| Bugtraq ID: | 39615 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2010-1278 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 15 2010 12:00AM |
| Updated: | Apr 15 2010 12:00AM |
| Credit: | Andrea Micalizzi aka rgod |
| Vulnerable: | Adobe Reader 9.1.3, Adobe Reader 9.1.2, Adobe Reader 9.1.1, Adobe Reader 8.1.7, Adobe Reader 8.1.6, Adobe Reader 8.1.5, Adobe Reader 8.1.4, Adobe Reader 8.1.3, Adobe Reader 8.1.2, Adobe Reader 8.1.1, Adobe Reader 7.1.4, Adobe Reader 7.1.3, Adobe Reader 7.1.2, Adobe Reader 7.1.1, Adobe Reader 7.0.9, Adobe Reader 7.0.8, Adobe Reader 7.0.7, Adobe Reader 7.0.6, Adobe Reader 7.0.5, Adobe Reader 7.0.4, Adobe Reader 7.0.3, Adobe Reader 7.0.2, Adobe Reader 7.0.1, Adobe Reader 7.0, Adobe Reader 9.2, Adobe Reader 9.1, Adobe Reader 9.0, Adobe Reader 8.1.2 Security Updat, Adobe Reader 8.1, Adobe Reader 8.0, Adobe Reader 7.1, Adobe Acrobat Standard 9.1.3, Adobe Acrobat Standard 9.1.2, Adobe Acrobat Standard 8.1.7, Adobe Acrobat Standard 8.1.6, Adobe Acrobat Standard 8.1.4, Adobe Acrobat Standard 8.1.3, Adobe Acrobat Standard 8.1.2, Adobe Acrobat Standard 8.1.1, Adobe Acrobat Standard 7.1.4, Adobe Acrobat Standard 7.1.3, Adobe Acrobat Standard 7.1.1, Adobe Acrobat Standard 7.0.8, Adobe Acrobat Standard 7.0.7, Adobe Acrobat Standard 7.0.6, Adobe Acrobat Standard 7.0.5, Adobe Acrobat Standard 7.0.4, Adobe Acrobat Standard 7.0.3, Adobe Acrobat Standard 7.0.2, Adobe Acrobat Standard 7.0.1, Adobe Acrobat Standard 7.0, Adobe Acrobat Standard 9.1, Adobe Acrobat Standard 9, Adobe Acrobat Standard 8.1, Adobe Acrobat Standard 8.0, Adobe Acrobat Standard 7.1, Adobe Acrobat Professional 9.1.3, Adobe Acrobat Professional 9.1.2, Adobe Acrobat Professional 8.1.7, Adobe Acrobat Professional 8.1.6, Adobe Acrobat Professional 8.1.4, Adobe Acrobat Professional 8.1.3, Adobe Acrobat Professional 8.1.2, Adobe Acrobat Professional 8.1.1, Adobe Acrobat Professional 7.1.4, Adobe Acrobat Professional 7.1.3, Adobe Acrobat Professional 7.1.1, Adobe Acrobat Professional 7.0.9, Adobe Acrobat Professional 7.0.8, Adobe Acrobat Professional 7.0.7, Adobe Acrobat Professional 7.0.6, Adobe Acrobat Professional 7.0.5, Adobe Acrobat Professional 7.0.4, Adobe Acrobat Professional 7.0.3, Adobe Acrobat Professional 7.0.2, Adobe Acrobat Professional 7.0.1, Adobe Acrobat Professional 7.0, Adobe Acrobat Professional 9.1, Adobe Acrobat Professional 9, Adobe Acrobat Professional 8.1.2 Security Updat, Adobe Acrobat Professional 8.1, Adobe Acrobat Professional 8.0, Adobe Acrobat Professional 7.1 |
| Not Vulnerable: | Adobe Reader 9.3, Adobe Reader 8.2, Adobe Acrobat Standard 9.3, Adobe Acrobat Standard 8.2, Adobe Acrobat Professional 9.3, Adobe Acrobat Professional 8.2, Adobe Acrobat 9.3 |
Discussion
Adobe Download Manager is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
Successful exploits allow remote attackers to execute arbitrary code in the context of the application, typically Internet Explorer, using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for details.
References
References:
- Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution V (Zero Day Initiative)
- Adobe Homepage (Adobe)
- Microsoft Knowledge Base Article 240797 (Microsoft)
- ZDI-10-077: Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Cod (ZDI Disclosures)
- APSB10-02 Security Advisory for Adobe Reader and Acrobat (Adobe)